Stay organized with collections Save and categorize content based on your preferences.

App Engine Requirement

Previously, all Firestore databases were linked to an App Engine app. When linked, your database requires an active App Engine app in the same project. Without the active App Engine app, read and write access to the database is disabled.

Firestore databases are now provisioned unlinked from App Engine by default.

If your database is linked to an App Engine, you can unlink your database.

Active App Engine

An active App Engine app means that an app exists in the same project and that this app is not disabled. It does not require that app to have any usage. The linked app and database must exist in the same region.

If you disable your App Engine app, you also disable access to the Firestore database linked to that app.

You can check the App Engine unlink state using the REST API:

curl  --header "Authorization: Bearer $(gcloud auth print-access-token)" \
--header "Content-type: application/json" \
"https://firestore.googleapis.com/v1/projects/PROJECT_ID/databases/(default)"

In the response, look at the value of appEngineIntegrationMode. If the value is DISABLED, your database is not linked to an App Engine app.

If you disable a linked App Engine app, you also disable read and write access to your database. If this happens, the Firestore Data page in Google Cloud console presents the option to unlink your database from the App Engine app. Click Unlink Database to begin the process.

Go to Firestore Data

You can also unlink your database using the REST API:

curl -X PATCH \
--header "Authorization: Bearer $(gcloud auth print-access-token)" \
--header "Content-type: application/json" \
--data '{"app_engine_integration_mode": "DISABLED"}' \
"https://firestore.googleapis.com/v1/projects/PROJECT_ID/databases/(default)?updateMask=appEngineIntegrationMode"

When you unlink your database, you can disable App Engine without affecting access to your database. Unlinking is a permanent operation. It may take up to five minutes for the unlinking operation to take effect.

Firestore API Requirement

Previously, all Firestore databases were linked to an App Engine app. Firestore databases are now provisioned unlinked from App Engine by default. Additionally, all databases, both existing and newly created, now have the following requirements:

  • To manage your database from the Google Cloud console and the gcloud CLI, the Firestore API must be enabled in the project. This is required for both Firestore in Native mode and Firestore in Datastore mode databases.

  • When executed from the Google Cloud console or the gcloud CLI, the administrative operations below will require the following IAM permissions:

    • Create database: datastore.databases.create
    • View database metadata: datastore.databases.getMetadata
    • Edit database metadata: datastore.databases.update

Predefined roles such as Datastore User and Datastore Viewer include the required permissions. If you created any custom IAM roles, you may need to update them to include the permissions above.

If you previously defined custom role for Datastore, it might lack the datastore.databases.getMetadata permission. Ensure continued access by updating your custom roles with datastore.databases.getMetadata or by using a predefined role.